From 4945ca640b893c2251ace915edaa722886fac93f Mon Sep 17 00:00:00 2001
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Date: Mon, 26 Feb 2024 17:34:53 -0500
Subject: linux-yocto/6.6: update CVE exclusions

Data pulled from: https://github.com/nluedtke/linux_kernel_cves

    1/1 [
        Author: Nicholas Luedtke
        Email: nicholas.luedtke@uwalumni.com
        Subject: Update 25Feb24
        Date: Sun, 25 Feb 2024 07:03:08 -0500

    ]

(From OE-Core rev: efa1420085d1671c7e3c9daa1949b36cf1822ed1)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 meta/recipes-kernel/linux/cve-exclusion_6.6.inc | 124 ++++++++++++++++++++++--
 1 file changed, 118 insertions(+), 6 deletions(-)

(limited to 'meta/recipes-kernel')

diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.6.inc b/meta/recipes-kernel/linux/cve-exclusion_6.6.inc
index 0274496da3..723a588429 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_6.6.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.6.inc
@@ -1,9 +1,9 @@
 
 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2024-02-21 00:38:40.167585+00:00 for version 6.6.17
+# Generated at 2024-02-26 20:14:05.493685+00:00 for version 6.6.18
 
 python check_kernel_cve_status_version() {
-    this_version = "6.6.17"
+    this_version = "6.6.18"
     kernel_version = d.getVar("LINUX_VERSION")
     if kernel_version != this_version:
         bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
@@ -5144,6 +5144,70 @@ CVE_STATUS[CVE-2023-5197] = "fixed-version: Fixed from version 6.6rc3"
 
 CVE_STATUS[CVE-2023-52340] = "fixed-version: Fixed from version 6.3rc1"
 
+CVE_STATUS[CVE-2023-52429] = "cpe-stable-backport: Backported in 6.6.18"
+
+CVE_STATUS[CVE-2023-52433] = "fixed-version: Fixed from version 6.6rc1"
+
+CVE_STATUS[CVE-2023-52434] = "cpe-stable-backport: Backported in 6.6.8"
+
+CVE_STATUS[CVE-2023-52435] = "cpe-stable-backport: Backported in 6.6.11"
+
+CVE_STATUS[CVE-2023-52436] = "cpe-stable-backport: Backported in 6.6.13"
+
+CVE_STATUS[CVE-2023-52438] = "cpe-stable-backport: Backported in 6.6.13"
+
+CVE_STATUS[CVE-2023-52439] = "cpe-stable-backport: Backported in 6.6.13"
+
+CVE_STATUS[CVE-2023-52440] = "fixed-version: Fixed from version 6.6rc1"
+
+CVE_STATUS[CVE-2023-52441] = "fixed-version: Fixed from version 6.5rc4"
+
+CVE_STATUS[CVE-2023-52442] = "fixed-version: Fixed from version 6.5rc4"
+
+CVE_STATUS[CVE-2023-52443] = "cpe-stable-backport: Backported in 6.6.14"
+
+CVE_STATUS[CVE-2023-52444] = "cpe-stable-backport: Backported in 6.6.14"
+
+CVE_STATUS[CVE-2023-52445] = "cpe-stable-backport: Backported in 6.6.14"
+
+CVE_STATUS[CVE-2023-52446] = "cpe-stable-backport: Backported in 6.6.14"
+
+CVE_STATUS[CVE-2023-52447] = "cpe-stable-backport: Backported in 6.6.14"
+
+CVE_STATUS[CVE-2023-52448] = "cpe-stable-backport: Backported in 6.6.14"
+
+CVE_STATUS[CVE-2023-52449] = "cpe-stable-backport: Backported in 6.6.14"
+
+CVE_STATUS[CVE-2023-52450] = "cpe-stable-backport: Backported in 6.6.14"
+
+CVE_STATUS[CVE-2023-52451] = "cpe-stable-backport: Backported in 6.6.14"
+
+CVE_STATUS[CVE-2023-52452] = "cpe-stable-backport: Backported in 6.6.14"
+
+CVE_STATUS[CVE-2023-52453] = "cpe-stable-backport: Backported in 6.6.14"
+
+CVE_STATUS[CVE-2023-52454] = "cpe-stable-backport: Backported in 6.6.14"
+
+CVE_STATUS[CVE-2023-52455] = "cpe-stable-backport: Backported in 6.6.14"
+
+CVE_STATUS[CVE-2023-52456] = "cpe-stable-backport: Backported in 6.6.14"
+
+CVE_STATUS[CVE-2023-52457] = "cpe-stable-backport: Backported in 6.6.14"
+
+CVE_STATUS[CVE-2023-52458] = "cpe-stable-backport: Backported in 6.6.14"
+
+CVE_STATUS[CVE-2023-52459] = "cpe-stable-backport: Backported in 6.6.14"
+
+CVE_STATUS[CVE-2023-52460] = "fixed-version: only affects 6.7rc1 onwards"
+
+CVE_STATUS[CVE-2023-52461] = "fixed-version: only affects 6.7rc1 onwards"
+
+CVE_STATUS[CVE-2023-52462] = "cpe-stable-backport: Backported in 6.6.14"
+
+CVE_STATUS[CVE-2023-52463] = "cpe-stable-backport: Backported in 6.6.14"
+
+CVE_STATUS[CVE-2023-52464] = "cpe-stable-backport: Backported in 6.6.14"
+
 CVE_STATUS[CVE-2023-5345] = "fixed-version: Fixed from version 6.6rc4"
 
 CVE_STATUS[CVE-2023-5633] = "fixed-version: Fixed from version 6.6rc6"
@@ -5234,6 +5298,8 @@ CVE_STATUS[CVE-2024-1085] = "cpe-stable-backport: Backported in 6.6.14"
 
 CVE_STATUS[CVE-2024-1086] = "cpe-stable-backport: Backported in 6.6.15"
 
+CVE_STATUS[CVE-2024-1151] = "cpe-stable-backport: Backported in 6.6.18"
+
 CVE_STATUS[CVE-2024-1312] = "fixed-version: Fixed from version 6.5rc4"
 
 # CVE-2024-21803 has no known resolution
@@ -5252,11 +5318,11 @@ CVE_STATUS[CVE-2024-22705] = "cpe-stable-backport: Backported in 6.6.10"
 
 CVE_STATUS[CVE-2024-23849] = "cpe-stable-backport: Backported in 6.6.15"
 
-# CVE-2024-23850 has no known resolution
+CVE_STATUS[CVE-2024-23850] = "cpe-stable-backport: Backported in 6.6.18"
 
-# CVE-2024-23851 has no known resolution
+CVE_STATUS[CVE-2024-23851] = "cpe-stable-backport: Backported in 6.6.18"
 
-# CVE-2024-24855 has no known resolution
+CVE_STATUS[CVE-2024-24855] = "fixed-version: Fixed from version 6.5rc2"
 
 # CVE-2024-24857 has no known resolution
 
@@ -5264,9 +5330,55 @@ CVE_STATUS[CVE-2024-23849] = "cpe-stable-backport: Backported in 6.6.15"
 
 # CVE-2024-24859 has no known resolution
 
-# CVE-2024-24860 has no known resolution
+CVE_STATUS[CVE-2024-24860] = "cpe-stable-backport: Backported in 6.6.14"
 
 # CVE-2024-24861 has no known resolution
 
 # CVE-2024-24864 has no known resolution
 
+# CVE-2024-25739 has no known resolution
+
+# CVE-2024-25740 has no known resolution
+
+# CVE-2024-25741 has no known resolution
+
+CVE_STATUS[CVE-2024-25744] = "cpe-stable-backport: Backported in 6.6.7"
+
+CVE_STATUS[CVE-2024-26581] = "cpe-stable-backport: Backported in 6.6.17"
+
+CVE_STATUS[CVE-2024-26582] = "cpe-stable-backport: Backported in 6.6.18"
+
+CVE_STATUS[CVE-2024-26583] = "cpe-stable-backport: Backported in 6.6.18"
+
+CVE_STATUS[CVE-2024-26584] = "cpe-stable-backport: Backported in 6.6.18"
+
+CVE_STATUS[CVE-2024-26585] = "cpe-stable-backport: Backported in 6.6.18"
+
+CVE_STATUS[CVE-2024-26586] = "cpe-stable-backport: Backported in 6.6.14"
+
+CVE_STATUS[CVE-2024-26587] = "cpe-stable-backport: Backported in 6.6.14"
+
+CVE_STATUS[CVE-2024-26588] = "cpe-stable-backport: Backported in 6.6.14"
+
+CVE_STATUS[CVE-2024-26589] = "cpe-stable-backport: Backported in 6.6.14"
+
+CVE_STATUS[CVE-2024-26590] = "cpe-stable-backport: Backported in 6.6.14"
+
+CVE_STATUS[CVE-2024-26591] = "cpe-stable-backport: Backported in 6.6.14"
+
+CVE_STATUS[CVE-2024-26592] = "cpe-stable-backport: Backported in 6.6.14"
+
+CVE_STATUS[CVE-2024-26593] = "cpe-stable-backport: Backported in 6.6.18"
+
+CVE_STATUS[CVE-2024-26594] = "cpe-stable-backport: Backported in 6.6.14"
+
+CVE_STATUS[CVE-2024-26595] = "cpe-stable-backport: Backported in 6.6.14"
+
+# CVE-2024-26596 needs backporting (fixed from 6.8rc1)
+
+CVE_STATUS[CVE-2024-26597] = "cpe-stable-backport: Backported in 6.6.14"
+
+CVE_STATUS[CVE-2024-26598] = "cpe-stable-backport: Backported in 6.6.14"
+
+CVE_STATUS[CVE-2024-26599] = "cpe-stable-backport: Backported in 6.6.14"
+
-- 
cgit v1.2.3-54-g00ecf